<div dir="ltr"><div>Hi guys!</div><div><br></div><div>Following the sample described in <a href="https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/generating-configuration-blocks.html">https://www.balabit.com/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/generating-configuration-blocks.html</a></div><div><br></div><div>1) I have my &#39;confgen&#39; script that prints the below <b>file()</b> entries. (p.s: these files has content.)</div><div><br></div><div><div># /etc/syslog-ng/scripts/confgen-modsec-skeleton.sh</div><div>file(&quot;/opt/nginx/logs/waf/<a href="http://www.cocada.com">www.cocada.com</a>&quot; program_override(&quot;ng_modsec&quot;) flags(no-parse));</div><div>file(&quot;/opt/nginx/logs/waf/<a href="http://www.caipirinha.com">www.caipirinha.com</a>&quot; program_override(&quot;ng_modsec&quot;) flags(no-parse));</div><div># </div></div><div><br></div><div>2) My config set:</div><div><br></div><div># cat /etc/syslog-ng/conf.d/nginx_modsec.conf <br></div><div><div>options {<br></div><div>    threaded(yes);</div><div>    flush_lines(0);</div><div>    use-dns(no);</div><div>    normalize-hostnames(yes);</div><div>    keep-hostname(yes);</div><div>};</div><div><br></div><div>destination d_collector {<br></div><div>    tcp(&quot;192.168.1.248&quot; port(514)  keep-alive(on)  );</div><div>};</div><div><br></div><div>log {</div><div>@module confgen context(source) name(s_nginx_modsec_log) exec(&quot;/etc/syslog-ng/scripts/confgen-modsec-skeleton.sh&quot;)</div><div>    destination(d_collector);</div><div>};</div><div><br></div><div># </div></div><div><br></div><div>Conclusion: The syslog-ng doesn&#39;t call the script at any time.</div><div><br></div><div># strace -fff /usr/sbin/syslog-ng -dvte 2&gt;&amp;1 | grep &quot;confgen-modsec&quot;<br></div><div><br></div><div>p.s: I have &#39;confgen&#39; support.</div><div><br></div><div><div># syslog-ng --version | grep confgen</div><div>Available-Modules: syslogformat,kvformat,afamqp,sdjournal,system-source,afuser,json-plugin,dbparser,affile,afsocket,linux-kmsg-format,afmongodb,mod-python,<b>confgen</b>,csvparser,pseudofile,afsql,afprog,afstomp,cryptofuncs,graphite,basicfuncs</div></div><div>#</div><div><br></div><div>I appreciate any help.</div><div><br></div><div>Best,</div><div>Jorge Pereira</div></div>